Lucene search

[email protected]NVD:CVE-2006-5629

HistoryOct 31, 2006 - 10:07 p.m.

CVE-2006-5629

2006-10-3122:07:00

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Affected configurations

NVD

Node

hosting_controllerhosting_controllerRange≤6.1_hotfix_3.2

hosting_controllerhosting_controllerMatch1.1

hosting_controllerhosting_controllerMatch1.3

hosting_controllerhosting_controllerMatch1.4

hosting_controllerhosting_controllerMatch1.4.1

hosting_controllerhosting_controllerMatch1.4b

hosting_controllerhosting_controllerMatch6.1

hosting_controllerhosting_controllerMatch6.1_hotfix_1.4

hosting_controllerhosting_controllerMatch6.1_hotfix_1.7

hosting_controllerhosting_controllerMatch6.1_hotfix_1.9

hosting_controllerhosting_controllerMatch6.1_hotfix_2.0

hosting_controllerhosting_controllerMatch6.1_hotfix_2.1

hosting_controllerhosting_controllerMatch6.1_hotfix_2.2

hosting_controllerhosting_controllerMatch6.1_hotfix_2.3

hosting_controllerhosting_controllerMatch6.1_hotfix_2.4

hosting_controllerhosting_controllerMatch6.1_hotfix_3.1

hosting_controllerhosting_controllerMatch2002

hosting_controllerhosting_controllerMatch2002_rc_1

References

hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

secunia.com/advisories/22607

secunia.com/advisories/28973

securitytracker.com/id?1017103

www.kapda.ir/advisory-442.html

www.securityfocus.com/archive/1/485028/100/0/threaded

www.securityfocus.com/bid/20661

www.securityfocus.com/bid/26862

www.vupen.com/english/advisories/2006/4296

exchange.xforce.ibmcloud.com/vulnerabilities/39036

www.exploit-db.com/exploits/4730

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for NVD:CVE-2006-5629

cve1 cvelist1 nessus1